Results 1 to 4 of 4

Thread: General questions - networks and hack attacks

  1. #1
    Junior Member
    Join Date
    Oct 2001
    Posts
    2

    Question General questions - networks and hack attacks

    Hi!
    New to this site and so trying to get a feel for what the atmosphere around here is like. Interest here relates to network security and dealing with hackers, crackers, attacks and counter measures. I am not referring to networking on an enterprise level, just as that of a non-typical home user with his own network (intranet, as it were) with connection/access/webserver to the larger WWW.

    Bit of background - Windows2000 systems, patched, fortified and hardened to the point that I am confident that I am at least 95% secure against casual hack attacks - still working on and ever vigilant against new attacks.

    Flamers I have no patience for so be forewarned at this point that anyone wanting to get into a useless discussion of 'My OS is better than your OS' - the M$ Sucks crowd, they know who they are - should go demonstrate their immaturity someplace else and not waste my time.

    So, yes, I do think that Windows can be and is a stable and secure OS ... properly maintained .... hence the role and function of network administrators, big or small.

    Now, what I really want to throw out here in this forum is a couple of questions on the subject of network security. While it is possible to go to numerous sites and find information about security and vulnerabilities and ways to patch and protect computers and networks I have noticed that there is very little information on how to really address the questions about hacking and hackers in particular.

    For instance, I have my systems behind a hardware firewall and backed up with a s/w firewall as well. I IP filter to thwart attackers by configuring the OS, the H/W and the S/w, logging traffic so that I have clear evidence of the originating IP addresses ( yes, I know that MAC addresses are the only true way of ever identifying the source ). But if you check online security sites they by and large direct you to search WHOIS for info about the IP address and to contact the appropriate network administrators or service provider ( useless twits! ).

    Who really has the time to do all that work, constantly, when we should be demanding that the service providers implement security measures which will monitor and mitigate the level of hack attacks on THEIR networks which affects US, their paying customers?

    Why is there no method or means available for uploading log files to a central repository where the activities and possible source of origination of these rogue internet users can be shifted, isolated and blunted through a comprehensive examination of their habits and patterns?

    They are, after all, misusing the resources of the corporate networks to carry out their activities - not my network or that of the thousands of users who have gone to great lengths to protect themselves and their computers.

    If it is not the responsibilty of the service providers to ensure that their publicly subsidised ( you and I, the consumers ) networks are secure from such activities what am I suppose to do, short of trekking all over the bloody country hunting down and ripping the connections from hacker computers? Thus, the logged file information on hacker activities essentially become meaningless in seriously address the larger problem.

    That is the nature of my rant. Comments?
    So we profess ourselves to be the slaves of chance, and flies of every
    wind that blows - The Winter\'s Tale

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Hi Shannara,

    One of the biggest issues with your comment/rant is that the Internet is a giant network with twists and turns throughout the the World. And many users are of the mindset that they don't have anything worth stealing. They often don't realize how dangerous it truly is out there.

    Who really has the time to do all that work, constantly, when we should be demanding that the service providers implement security measures which will monitor and mitigate the level of hack attacks on THEIR networks which affects US, their paying customers?
    They obviously think that they do not and that's its not part of their job. Or, if they do, they overwork their admins (something I've seen happen). Very few places except the really big ones seem to take security seriously.

    The closest thing we have to central repositories, so to speak are those like www.incidents.org and www.cert.org but they are large and often overworked.

    One of the things you can do is be persistent with your isp until they do wake up. I send regular emails to my isp of users who have been infected with Code Red and others as well as those who rattle my doorknob. They have turfed a few. They don't publicize it, mostly because a competitor did a series of advertisements about their lack of security.

    Although, unfortunately, it is up to the consumer to convince the Service Provider that security is important. Much like its up to the Admin to convince the CEO that its worthwhile to have a security admin in place.

    While I wish my provider was more proactive in their activities, I do remain persistent in at least trying to clear up my little realm on the internet. Oh and if you're wondering who I deal with.. it's Rogers@home (they have the worst rep for security in Canada, IMHO) =)

    My .003 cents worth (exchange rate don't ya know)

  3. #3
    Member
    Join Date
    Sep 2001
    Posts
    77

    Re: General questions - networks and hack attacks

    First off, hi and welcome

    Originally posted by Shannara

    Who really has the time to do all that work, constantly, when we should be demanding that the service providers implement security measures which will monitor and mitigate the level of hack attacks on THEIR networks which affects US, their paying customers?
    I have a great concern with this, I pay my ISP for transit, ie. I expect all traffic to be passed that is destined for my sites. I may and do filter that traffic according to "MY" own rules at my borders. If my ISP started taking responsibility for my network security, where does that responsibility start and stop? What constitutes an "attack"? Do 100 pings an hour count? You see what I mean.

    ISP's have considered providing managed services, ie secure Internet for those that want it, the problem is cost, it takes human resources to oversee a "secure" Internet connection, 99.9% of consumers out there won't pay for it. They get upset over $20/month unlimited usage dial-up accounts.


    Originally posted by Shannara

    Why is there no method or means available for uploading log files to a central repository where the activities and possible source of origination of these rogue internet users can be shifted, isolated and blunted through a comprehensive examination of their habits and patterns?
    Where would we put it? The Internet comprises systems across a huge diversity of access points. Whats considered hacking in 1 region/country/area is considered testing in others (You only have to monitor the NANOG mailing list for a while to see this). Do we give the U.S. the authority to act, or Somalia?

    Originally posted by Shannara

    If it is not the responsibilty of the service providers to ensure that their publicly subsidised ( you and I, the consumers ) networks are secure from such activities what am I suppose to do, short of trekking all over the bloody country hunting down and ripping the connections from hacker computers? Thus, the logged file information on hacker activities essentially become meaningless in seriously address the larger problem.

    That is the nature of my rant. Comments?
    It is a problem, but one that must be managed by individuals and/or Companies and/or Organiztions connecting to the Internet. Should we treat the Internet as we do our roads? We allow anyone on the NET with absolutly no education required, some people see this as a good thing, others as bad. I personally wouldn't want to see anyone getting on our highways without education and testing.

    Reporting these issues is a problem, and I think you have the best answer, at least it's what I do as well. I allow my upstream ISP access to my NIDS for the purposes of monitoring end points, I also send them reports of any "serious" hack attack. The FBI for example will be very unlikely to respond to any individual reporting hack attempts, you would have to prove loss in order to get a response. I've heard conflicting reports on this, but the figure $20,000 in provable loss before they will investigate comes to mind???

    Anyways, welcome aboard and ask away, thats what this board is all about.

    cheers
    I\'m not a BOT I\'m a beer droid!
    Prepare to be Assimilated.

  4. #4
    Junior Member
    Join Date
    Oct 2001
    Posts
    2

    Thumbs up Response to obi and MsMittens

    First off, apologies for not responding here to your individual replies indvidually since they do deserve such a response. They have been most appreciated for their lucidity. :-) Saying, Wow! would be too cheesey at this point, I think?


    Next, to MsMittens, I do live in Canada and is connected through Rogers as well - ( sucks since Shaw and the CRTC sold us down the river for a pretty penny or two is my position on that subject. ). With respect to being proactive, as anyone should be when there are clear indications that unauthorised individuals are attempting to enter places with mal-intent, I do making it a point to pester service providers when the intrusions passes even my threshold of tolerable annoyance. Best response to date has been from an ISP in Agentina who after several weeks sent a reply stating that they had identified and discontinued service of one of their subscribers who I had identified through his attempts to hack into my network. Small victory but you take the where you find them.

    And, thank you as well for your response, OBI ( why do I think of Star Wars when I see those letters? ). I understand your concerns about shifting the burden of responsibility for network security unto the shoulders of of ISPs ( along the lines of where does the line start and end where they can dictate what you can or cannot do under the terms of use agreements - I say that it begins and ends where the physical cable connects to my first connection to their network via the modem. )

    I guess what I never did get around in saying in my 'rant' was that if they can demonstrate, in some measurable way, that they care about the concerns of their 'valued customers' when it comes down to the quality and security of their own networks then we, as the customers will not have to be so concerned and 'overburdened' with securing our own personal 'networking spaces'. That is, if it were not for the presence of cops and other quite visible means of assuring us that we are relative safe in our homes and out in public places we'd probably be all living in fortified and baracaded fortresses. Perhaps wrong analogy. But point is, from whence does trust original in the larger picture?

    And that larger picture, as you have alluded to, can be equally scary as well. Check out the following link ..... it's quite long winded but downright informative at the same time, addressing questions and issues you seldom see examined indepth in our mainstream media.

    http://mindworks.dnsalias.net/rights_and_democracy.htm

    And with that, I look forward to some hearty discussions on the subject in the future. The thrusts and parries appear to be promising. :-)
    So we profess ourselves to be the slaves of chance, and flies of every
    wind that blows - The Winter\'s Tale

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •